CVE-2003-0593Path Traversal in Browser

CWE-22Path Traversal3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 46.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Opera Browser
Timeline
PublishedApr 15
Latest updateApr 29

Description

Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDopera/opera_browser23 versions+22

🔴Vulnerability Details

2
GHSA
GHSA-53rf-2cq9-qrrj: Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal se2022-04-29
CVEList
CVE-2003-0593: Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal se2004-03-16
CVE-2003-0593 — Path Traversal in Opera Browser | cvebase